Shannon Vavra – Page 20 – WindowsTechs.com

Someone duped Twitter verification to spread racist disinformation on US coronavirus vaccine

Posted on August 12, 2020 by Shannon Vavra

A verified Twitter account impersonating a top World Health Organization official recently alleged that the Trump administration was going to test a coronavirus vaccine on Black Americans without their knowledge or informed consent. The disinformation scheme originated in May with an account masquerading as Dr. Jaouad Mahjour, assistant director-general of the World Health Organization (WHO), in the latest example of attackers trying to inflame existing tension in the U.S. over issues like vaccines and racism. Tweets included racist tropes against Black Americans, and implied that the U.S. had lobbied WHO to test its vaccines on prisoners, immigrants, and Black Americans. Twitter has since suspended the account, after WHO representatives told reporters that the account in question didn’t belong to Mahjour. News of the disinformation was first reported by The Daily Beast. Neither Twitter nor the World Health Organization provided comment for this article by press time. The impersonation appeared to […]

The post Someone duped Twitter verification to spread racist disinformation on US coronavirus vaccine appeared first on CyberScoop.

Continue reading Someone duped Twitter verification to spread racist disinformation on US coronavirus vaccine→

Election interference efforts have shifted, NSA and Cyber Command election threats leads say

Posted on August 7, 2020 by Shannon Vavra

With Election Day less than 100 days away, the National Security Agency and U.S. Cyber Command are carefully monitoring threats to the 2020 U.S. presidential election from Russia, China, Iran, and groups of criminal actors, two officials said Friday. And while Russian government operatives have probed state IT systems and run hack-and-leak operations to influence U.S. elections in the past, the playbook is not necessarily the same this year, the NSA election threats lead, David Imbordino, and Brig. Gen. William Hartman, the Cyber Command election threats lead, said. While Russia depended on the Internet Research Agency (IRA) to run influence operations in 2016, they have been outsourcing operations to other actors, Imbordino and Hartman said, confirming that the IRA recently set up an offshoot of its troll farm in Ghana and Nigeria. “In terms of 2020 [in the IRA] we’ve seen a shift towards more use of proxies…intermediaries…laundering information through […]

The post Election interference efforts have shifted, NSA and Cyber Command election threats leads say appeared first on CyberScoop.

Continue reading Election interference efforts have shifted, NSA and Cyber Command election threats leads say→

Flaws in Qualcomm chips could allow snooping, Check Point finds

Posted on August 7, 2020 by Shannon Vavra

Software flaws in millions of smartphones used throughout the world could give hackers a gateway into users’ personal data. More than 400 vulnerabilities in chips used in approximately 40% of the world’s cellphones and devices could allow hackers to spy on users’ GPS location and microphones in real-time, according to new Check Point research. The vulnerable units, Digital Signal Processor units or DSP chips made by Qualcomm Technologies, specifically Qualcomm Snapdragon DSP chips, impact popular cellphones and devices from Samsung, LG, Xiaomi, and Google are vulnerable, according to researchers. DSP chips, made up of software and hardware, are designed to enhance charging, audio features, and multimedia activities. But these flaws are a reminder that as ubiquitous as chips are in popular devices, vulnerabilities abound. The Spectre and Meltdown vulnerabilities, discovered by Google’s Project Zero two years ago, affected nearly every modern computer chip, for instance. In a statement shared with CyberScoop, Qualcomm said it has seen […]

The post Flaws in Qualcomm chips could allow snooping, Check Point finds appeared first on CyberScoop.

Continue reading Flaws in Qualcomm chips could allow snooping, Check Point finds→

Someone hijacked Reddit moderator accounts to promote Trump

Posted on August 7, 2020 by Shannon Vavra

Hackers appeared to take over a number of influential Reddit accounts Friday to post messages promoting President Donald Trump’s reelection campaign. Some pages were plastered with “Make America Great Again” or “MAGA” logos, while others included messages about the president. The source of the attacks on the subreddit pages appeared to be moderator accounts, a Reddit spokesperson confirmed. “An investigation is underway related to a series of vandalized communities,” the spokesperson said. “It appears the source of the attacks were compromised moderator accounts. We are working to lock down those accounts and restore impacted communities.” Reddit moderators are often unpaid users who volunteer their time to maintain forums and discussions on the popular site. A Reddit post lists the pages that have been affected, including discussion forums dedicated to outer space, the National Football League and “The Avengers.” It was not immediately clear how the moderator accounts had been compromised or who could […]

The post Someone hijacked Reddit moderator accounts to promote Trump appeared first on CyberScoop.

Continue reading Someone hijacked Reddit moderator accounts to promote Trump→

Hackers can still steal wads of cash from ATMs. Here’s the vulnerabilities that could let them in.

Posted on August 6, 2020 by Shannon Vavra

Thanks to a pair of zero-day vulnerabilities in a popular ATM, hackers could be pilfering off customers’ sensitive banking information or withdrawing hefty wads of cash, according to research from New York-based Red Balloon Security. If exploited properly, one of the vulnerabilities the researchers found in Nautilus Hyosung America ATMs would allow attackers to essentially empty the machines of cash, the researchers, Brenda So and Trey Keown, told CyberScoop. The root of the vulnerability lies in the way Nautilus implemented eXtensions for Financial Services, the software used to dispense money. The other vulnerability would allow attackers to execute malicious code in the the ATM’s remote administration interface, which normally allows ATM owners to check the amount of cash available in their machines. In experimenting with the flaw, So and Keown wrote shell code and sent a malicious payload to the ATM. Hackers that are able to do the same could point […]

The post Hackers can still steal wads of cash from ATMs. Here’s the vulnerabilities that could let them in. appeared first on CyberScoop.

Continue reading Hackers can still steal wads of cash from ATMs. Here’s the vulnerabilities that could let them in.→

DEF CON’s aerospace village looks to satellite hacking to improve security in space

Posted on August 6, 2020 by Shannon Vavra

Next time your GPS app functions without interruption, or a credit card transaction is approved on the first try, consider thanking a hacker. Both of those everyday activities, along with many others, are made possible in part because of satellites, those orbiting chunks of metal that only a fraction of the population thinks about on a regular basis. Now, though, security-minded officials in the Pentagon’s Defense Digital Service (DDS), the Air Force and New York-based vendor Red Balloon Security are trying to improve satellite security by sending computer researchers the technology they would need to hack them. It’s part of an effort to ensure that those big satellites orbiting the Earth remain reliable, and keep the GPS navigation running. One research challenge, called Nyan-Sat, is broken up into three parts. Hackers are building their own satellite tracking antennae, exploiting a ground station modem, and then participating in a live-streamed ground station event. […]

The post DEF CON’s aerospace village looks to satellite hacking to improve security in space appeared first on CyberScoop.

Continue reading DEF CON’s aerospace village looks to satellite hacking to improve security in space→

Researchers found another way to hack Android cellphones via Bluetooth

Posted on August 5, 2020 by Shannon Vavra

Attackers looking to steal sensitive information like contacts, call history, and SMS verification codes from Android devices only need to target Bluetooth protocols, according to new DBAPPSecurity research presented at the 2020 Black Hat conference Wednesday. These exploits, one of which takes advantage of a zero-day vulnerability, could also allow hackers to send fake text messages if manipulated properly, researchers found. It works by allowing attackers to disguise themselves as a trusted application, requesting permissions that allow one Bluetooth-enabled device to share data with another device, such as a headset or car’s “infotainment” system. For the attack to run successfully, Bluetooth must be enabled on the target device and victims must approve the attackers’ request for privileges. In the end, this action gives attackers access to data on the victim’s device, according to the California-based company. The other attack allows researchers to take advantage of an authentication bypass vulnerability, dubbed “BlueRepli.” Would-be attackers […]

The post Researchers found another way to hack Android cellphones via Bluetooth appeared first on CyberScoop.

Continue reading Researchers found another way to hack Android cellphones via Bluetooth→

Here’s the NSA’s advice for reducing the exposure of cellphone location data

Posted on August 4, 2020 by Shannon Vavra

Take it from the experts: There is no way to fully eliminate the risk that a mobile device is exposing location data to somebody trying to track it, but there are ways to limit what leaks and why. That’s the main theme from guidance issued Tuesday by the U.S. National Security Agency, which directed its advice to Department of Defense personnel and other national security programs but published the document publicly. The guidance explains the different kinds of location information that can be used to locate mobile devices and their users, provides an analysis of misconceptions about location data, and recommends way to help users protect themselves. The NSA warns, for instance, that in addition to mobile devices storing location data in their own mobile device logs, cellular networks receive real-time coordinates for cellphones every time they connect to the network. That communication with the network also can make location information vulnerable. “This means a provider can […]

The post Here’s the NSA’s advice for reducing the exposure of cellphone location data appeared first on CyberScoop.

Continue reading Here’s the NSA’s advice for reducing the exposure of cellphone location data→

Religious, political leaders in Togo allegedly targeted with NSO Group spyware

Posted on August 3, 2020 by Shannon Vavra

The list of people allegedly targeted by NSO Group surveillance software is growing by the day. Religious and political opposition leaders in Togo were targeted last year with spyware developed by Israeli software surveillance firm NSO Group, according to security researchers at University of Toronto Munk School’s Citizen Lab. Like many of the company’s past actions, the alleged NSO surveillance in Togo used Facebook’s WhatsApp to target religious clergy and politicians, Citizen Lab researchers said. The effort was part of a broader hacking campaign that targeted thousands of WhatsApp users with NSO Group spyware in 2019, according to Citizen Lab. NSO Group has repeatedly said that its software is only sold to law enforcement or intelligence agencies in order to target terrorists and criminals. But the revelations about surveillance in Togo are just the latest allegations that NSO Group spyware has enabled surveillance of political opponents and other perceived government […]

The post Religious, political leaders in Togo allegedly targeted with NSO Group spyware appeared first on CyberScoop.

Continue reading Religious, political leaders in Togo allegedly targeted with NSO Group spyware→

DOD, FBI, DHS release info on malware used in Chinese government-led hacking campaigns

Posted on August 3, 2020 by Shannon Vavra

The U.S. government publicly put forth information Monday that exposed malware used in Chinese government hacking efforts for more than a decade. The Chinese government has been using malware, referred to as Taidoor, to target government agencies, entities in the private sector, and think tanks since 2008, according to a joint announcement from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the Department of Defense, and the FBI. The Chinese Communist Party has been using the malware, in conjunction with proxy servers, “to maintain a presence on victim networks and to further network exploitation,” according to the U.S. government’s malware analysis report (MAR). In particular, Taidoor has been used to target government and private sector organizations that have a focus on Taiwan, according to previous FireEye analysis. It is typically distributed to victims through spearphishing emails that contain malicious attachments. U.S. Cyber Command, the DOD’s offensive cyber unit, has also shared samples […]

The post DOD, FBI, DHS release info on malware used in Chinese government-led hacking campaigns appeared first on CyberScoop.

Continue reading DOD, FBI, DHS release info on malware used in Chinese government-led hacking campaigns→